Kaufman: UVMMC failed to protect us from cybercrime

by Dr. Jeffrey Kaufman
Steven Leffler [UVMMC President quoted on WCAX news report] fails to take responsibility for a multimillion-dollar gamble which the medical center network lost by not taking adequate measures to prevent a devastating ransomware attack.

Knowing full well that they were vulnerable to ransomware piracy, UVMMC failed to spend the money required to prevent being victimized.

At the time, responsible businesses, especially those which would suffer severely if exposed, dug down and spent modest money to harden their IT defenses. But not UVMMC.

Instead, they were hit hard.  

The attack not only paralyzed patient care, inpatient and outpatient, and critical hospital administrative functions, as medical records and critical medical center data files were no longer available; the captured HIPAA-protected confidential patient medical records for what must be a majority of all Vermonters were also exposed to ruthless criminals, apparently located overseas, out of U.S. jurisdiction and law enforcement hands.

While payment of the ransom demand could be exchanged for return of the records and files, allowing re-establishment of operations, confidentiality was already breached and laid wide open. The suffering of Vermonters and UVMMC staff was prolonged, as the stolen records were not restored for an extended period of time. In some settings, such carelessness could be considered criminal negligence. This being Vermont’s UVMMC, VT Attorney General TJ Donovan chose not to prosecute.

So who lost? Vermonters.

And now, a couple of years later, when some forget the months of pain UVM staff struggled through while attempting to provide needed services, the attack is renewed with vigor in the form of proposed massive rate hikes to cover losses Vermonters had no way to avoid, prevent, or mitigate. Vermonters were the true victims during the attack and its aftermath and are now, silently, being subjected to a new ransom threat which only they will pay.

The author is a retired MD living in the Northeast Kingdom.

  1. As someone who has worked in their IT department, this is 100% spot on. They promote those who get along instead of those who work hard. They fail bad management upwards and they spend money frivolously yet fail to secure the data over and over again.

    It was some of the sloppiest IT work I have ever seen at an organization of even a 10th of that size with nothing but bad culture and relying on only a few to get the job done or a select set of vendors that were taking them for every penny. A lot of times the vendor did the work getting paid hundreds an hour while your highly paid IT worker sat in a chair babysitting.

    They waste millions of dollars a year on licensing and hardware because they refuse to learn simple server infrastructure technology. That’s not my opinion; that was from the vendor making the millions (every year)!

    One time I heard a high-level manager say it’s only 10k, we’ll just order a few more MRIs, exactly what they are doing here.

    That’s not a joke, for many people that is life changing money and even if the insurance pays it, it still comes out of the pockets of the insured.

    This is yet another reason your healthcare money goes up every year and the care gets worse, there is no competition and no incentive to do better, they just charge more and complain that they don’t have enough money.

    Liberal heart strings are plucked every time….

  2. Unfortunately this state and healthcare system have allowed a monopoly to overtake it of these big hospitals swallowing up smaller ones. Just like what happened with the big box lot stores and chain stores that put small businesses out of business in this state. When this happens people are beholden to them with little to no other choice. Dartmouth hospital is doing the same with Alice Peck Day, Gifford in Vt. and many in NH. Instead of the state helping these smaller hospitals survive they cater to the biggest, giving them the monopoly and control and not watching how the money is spent!
    It has happened in our colleges and schools with the people losing control and being taken over by government mandates or no funding.
    The state government itself has grown to the point that the people no longer have a voice with all the programs that it hands out to people who eagerly receive them so it keeps growing.
    People who continue to feed the pig will eventually get swallowed by it!

